The Kafka REST Proxy 2.0.1 for MapR-ES provides a RESTful interface to MapR-ES clusters to consume and produce messages and to perform administrative operations. This release of Kafka REST Proxy
2.0.1 is associated with MEP 2.x, 3.x, and 4.x.

Before you start developing applications on MapR’s Converged Data Platform, consider how you will get the data onto the
platform, the format it will be stored in, the type of processing or modeling that is required, and how the data will
be accessed.

A MapR Ecosystem Pack (MEP) provides a set of ecosystem components that work together on one or more MapR cluster versions. Only one version of
each ecosystem component is available in each MEP. For example, only one version of Hive and one version of Spark is supported in a MEP.

The Kafka REST Proxy 2.0.1 for MapR-ES provides a RESTful interface to MapR-ES clusters to consume and produce messages and to perform administrative operations. This release of Kafka REST Proxy
2.0.1 is associated with MEP 2.x, 3.x, and 4.x.

MapR supports public APIs for MapR-FS, MapR-DB, and MapR-ES. These APIs are available for application development purposes.

Kafka REST 2.0.1: User Impersonation

Describes how to disable, enable, and use Impersonation with Kafka REST

User impersonation enables Kafka REST jobs to be submitted as a particular user. Without impersonation,
Kafka REST submits jobs as the user that started Kafka REST server.

On a MapR cluster, the impersonated user is typically the mapr user or the user specified
in the MAPR_USER environment variable. By default impersonation and PAM authentication in Kafka REST are enabled.

Enabling User Impersonation

To enable user impersonation, you need to first set the PAM authentication properties in
the kafka-rest.properties file and then set the rest.proxy.enable.doAs property.

Enable PAM authentication. Set the following properties in
opt/mapr/kafka-rest/kafka-rest-2.0.1/config/kafka-rest.properties:

authentication.method=BASIC

authentication.realm=jpamLogin

Once authentication is enabled, set the following property in
/opt/mapr/kafka-rest/kafka-rest-2.0.1/config/kafka-rest.properties:

rest.proxy.enable.doAs=true

Disabling User Impersonation

To disable user impersonation, you need to first disable the PAM authentication properties
in the kafka-rest.properties file and then disable the rest.proxy.enable.doAs property.

Disable PAM authentication. Set the following properties in
opt/mapr/kafka-rest/kafka-rest-2.0.1/config/kafka-rest.properties:

authentication.method=NONE

authentication.realm=""

Once authentication is disabled, set the following property in
/opt/mapr/kafka-rest/kafka-rest-2.0.1/config/kafka-rest.properties:

rest.proxy.enable.doAs=false

Example: Verify that a list of topics is owned by an impersonated user

This example gets a list of topics from a particular stream and then checks that it is
owned by a particular user. Depending on whether or not impersonation is enabled (the
default) or not, you need to use a different
curl command.